package com.security.interceptor;

import com.security.model.UserDTO;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @ClassName SimpleAuthenticationInterceptor
 * @Version 1.0
 * @Author Wulc
 * @Date 2022-05-15 17:07
 * @Description
 */
@Component
public class SimpleAuthenticationInterceptor implements HandlerInterceptor {
    //preHandle会在调用所有controller方法之前调用，用于进行先行拦截
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //在这个方法中校验用户请求的url是否在用户的权限范围内
        //取出用户身份信息
        Object object = request.getSession().getAttribute(UserDTO.SESSION_USER_KEY);
        if (object == null) {
            //没有认证，提示登录
            writeContent(response, "请登录");
        }
        UserDTO userDto = (UserDTO) object;
        //请求的url
        String requestURI = request.getRequestURI();
        if (userDto.getAuthorities().contains("p1") && requestURI.contains("/r/r1")) {
            return true;
        }
        if (userDto.getAuthorities().contains("p2") && requestURI.contains("/r/r2")) {
            return true;
        }
        writeContent(response, "没有权限，拒绝访问");

        return false;
    }

    //响应信息给客户端
    private void writeContent(HttpServletResponse response, String msg) throws IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter writer = response.getWriter();
        writer.print(msg);
        writer.close();
    }
}
